diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go
index 47f2401c4c..60bbf0ae26 100644
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@@ -2139,11 +2139,13 @@ func (c *Container) addResolvConf() error {
 if len(networkNameServers) == 0 || networkBackend != string(types.Netavark) {
 keepHostServers = true
 }
- // first add the nameservers from the networks status
- nameservers = networkNameServers
-
- // pasta and slirp4netns have a built in DNS forwarder.
- nameservers = c.addSpecialDNS(nameservers)
+ if len(networkNameServers) > 0 {
+ // add the nameservers from the networks status
+ nameservers = networkNameServers
+ } else {
+ // pasta and slirp4netns have a built in DNS forwarder.
+ nameservers = c.addSpecialDNS(nameservers)
+ }
 }
 // Set DNS search domains
@@ -2306,8 +2308,13 @@ func (c *Container) addHosts() error {
 }
 var exclude []net.IP
+ var preferIP string
 if c.pastaResult != nil {
 exclude = c.pastaResult.IPAddresses
+ if len(c.pastaResult.MapGuestAddrIPs) > 0 {
+ // we used --map-guest-addr to setup pasta so prefer this address
+ preferIP = c.pastaResult.MapGuestAddrIPs[0]
+ }
 } else if c.config.NetMode.IsBridge() {
 // When running rootless we have to check the rootless netns ip addresses
 // to not assign a ip that is already used in the rootless netns as it would
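Review bot: The comment kept in the new `else` branch of addResolvConf, `// pasta and slirp4netns have a built in DNS forwarder.`, no longer covers what the call does, because in this same commit addSpecialDNS gains a bridge case that takes forwarder addresses from the rootless netns info. It also does not say that the forwarder is now skipped whenever the networks supply their own servers, which is the behaviour change in this hunk and decides which resolver the container ends up trusting. Suggested wording: `// no nameservers from the networks: fall back to the DNS forwarder of pasta, slirp4netns or the rootless netns`. The enclosing block starts and ends outside the hunk.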
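Review bot: Only element 0 is used in `preferIP = c.pastaResult.MapGuestAddrIPs[0]`, and the following addHosts hunk does the same with `info.MapGuestIps[0]`; if either slice can hold more than one address, for example one per address family (not visible here), the host.containers.internal entry would depend on slice order. The comment should state the assumption, e.g. `// pasta was set up with --map-guest-addr; prefer its first mapped address for host.containers.internal`. The two fields name the same thing differently (`MapGuestAddrIPs`, `MapGuestIps`), but both types are defined outside this diff, so that would have to be raised where they are declared. addHosts starts before this hunk.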
@@ -2316,16 +2323,27 @@ func (c *Container) addHosts() error {
 info, err := c.runtime.network.RootlessNetnsInfo()
 if err == nil {
 exclude = info.IPAddresses
+ if len(info.MapGuestIps) > 0 {
+ // we used --map-guest-addr to setup pasta so prefer this address
+ preferIP = info.MapGuestIps[0]
+ }
 }
 }
+ hostContainersInternalIP := etchosts.GetHostContainersInternalIP(etchosts.HostContainersInternalOptions{
+ Conf: c.runtime.config,
+ NetStatus: c.state.NetworkStatus,
+ NetworkInterface: c.runtime.network,
+ Exclude: exclude,
+ PreferIP: preferIP,
+ })
+
 return etchosts.New(&etchosts.Params{
- BaseFile: baseHostFile,
- ExtraHosts: c.config.HostAdd,
- ContainerIPs: containerIPsEntries,
- HostContainersInternalIP: etchosts.GetHostContainersInternalIPExcluding(
- c.runtime.config, c.state.NetworkStatus, c.runtime.network, exclude),
- TargetFile: targetFile,
+ BaseFile: baseHostFile,
+ ExtraHosts: c.config.HostAdd,
+ ContainerIPs: containerIPsEntries,
+ HostContainersInternalIP: hostContainersInternalIP,
+ TargetFile: targetFile,
 })
 }
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index e4b3e71406..aaeb75d3cc 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
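Review bot: A failing `RootlessNetnsInfo()` in the bridge branch of addHosts leaves both `exclude` and the new `preferIP` empty without any trace, so the options handed to `GetHostContainersInternalIP` silently lose the address this commit is meant to prefer. The `if err == nil` itself predates the change, but the new `case c.config.NetMode.IsBridge():` in addSpecialDNS (container_internal_linux.go) repeats the pattern, while the slirp4netns case next to it does log its failure with `logrus.Warn`. An `else` with a debug line in both places would make a wrong /etc/hosts or resolv.conf entry traceable, e.g. `logrus.Debugf("Failed to get rootless netns info: %v", err)`, assuming logrus is imported in this file as it is in the linux one. Debug level is suggested because it is not visible here whether the call also fails for rootful containers.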
@@ -617,12 +617,16 @@ func (c *Container) setCgroupsPath(g *generate.Generator) error {
 // addSpecialDNS adds special dns servers for slirp4netns and pasta
 func (c *Container) addSpecialDNS(nameservers []string) []string {
- if c.pastaResult != nil {
+ switch {
+ case c.config.NetMode.IsBridge():
+ info, err := c.runtime.network.RootlessNetnsInfo()
+ if err == nil {
+ nameservers = append(nameservers, info.DnsForwardIps...)
+ }
+ case c.pastaResult != nil:
 nameservers = append(nameservers, c.pastaResult.DNSForwardIPs...)
- }
-
- // slirp4netns has a built in DNS forwarder.
- if c.config.NetMode.IsSlirp4netns() {
+ case c.config.NetMode.IsSlirp4netns():
+ // slirp4netns has a built in DNS forwarder.
 slirp4netnsDNS, err := slirp4netns.GetDNS(c.slirp4netnsSubnet)
 if err != nil {
 logrus.Warn("Failed to determine Slirp4netns DNS: ", err.Error())
diff --git a/test/system/505-networking-pasta.bats b/test/system/505-networking-pasta.bats
index d4e9914dd3..9f0af92c34 100644
--- a/test/system/505-networking-pasta.bats
+++ b/test/system/505-networking-pasta.bats
@@ -455,7 +455,7 @@ function pasta_test_do() {
 # pasta is the default now so no need to set it
 run_podman run --rm $IMAGE grep nameserver /etc/resolv.conf
- assert "${lines[0]}" == "nameserver 169.254.0.1" "default dns forward server"
+ assert "${lines[0]}" == "nameserver 169.254.1.1" "default dns forward server"
 run_podman run --rm --net=pasta:--dns-forward,198.51.100.1 \
 $IMAGE nslookup 127.0.0.1 || :
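Review bot: The doc comment above addSpecialDNS still reads `// addSpecialDNS adds special dns servers for slirp4netns and pasta`, but the function now has a bridge case as well, and the rewrite from two independent `if`s to a `switch` means only the first matching mode contributes addresses. Neither point is stated anywhere in the hunk, and the second is a semantic change if `pastaResult` can ever be set while the mode is bridge or slirp4netns (not visible here). Suggested comment: `// addSpecialDNS appends the DNS forwarder addresses for bridge (rootless netns), pasta or slirp4netns; the modes are treated as mutually exclusive and the first match wins`. The function body continues past the end of the hunk.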
@@ -835,7 +835,9 @@ EOF
 run_podman '?' run --rm --network=$network $IMAGE grep host.containers.internal /etc/hosts
 if [ "$status" -eq 0 ]; then
 assert "$output" !~ "$pasta_ip" "pasta host ip must not be assigned ($network)"
- assert "$host_ips" =~ "$(cut -f1 <<<$output)" "ip is one of the host ips ($network)"
+ # even more special we use a new --map-guest-addr pasta option and
+ # to map 169.254.1.2 to the host, https://github.com/containers/common/pull/2136
+ assert "$host_ips 169.254.1.2" =~ "$(cut -f1 <<<$output)" "ip is one of the host ips ($network)"
 elif [ "$status" -eq 1 ]; then
 # if only pasta ip then we cannot have a host.containers.internal entry
 # make sure this fact is actually the case
@@ -848,6 +850,6 @@ EOF
 run_podman network rm $netname
 first_host_ip=$(head -n 1 <<<"$host_ips")
- run_podman run --rm --network=pasta:-a,169.254.0.2,-g,169.254.0.1,-n,24 $IMAGE grep host.containers.internal /etc/hosts
- assert "$output" =~ "^$first_host_ip" "uses host first ip"
+ run_podman run --rm --network=pasta:-a,192.168.0.2,-g,192.168.0.1,-n,24 $IMAGE grep host.containers.internal /etc/hosts
+ assert "$output" =~ "^($first_host_ip|169.254.1.2)" "uses first host ip or special 169.254.1.2 --map-guest-addr"
 }
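Review bot: The new pattern in the last hunk, `"^($first_host_ip|169.254.1.2)"`, is looser than the message suggests: the dots are unescaped and nothing ends the match, so an entry such as 169.254.1.20 would also pass. Escaping the literal and requiring the separator after it tightens the check, e.g. `assert "$output" =~ "^($first_host_ip|169\.254\.1\.2)[[:space:]]" "uses first host ip or special 169.254.1.2 --map-guest-addr"`; the `cut -f1` in the previous hunk suggests the address is followed by a tab. The address 169.254.1.2 is now hard-coded in both hunks, so a single variable near the top of the test, with the reference to the containers/common pull request beside it, would keep the two assertions in step if the default changes again.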